The Copyright Alert System -- a "voluntary" system of disconnection threats sent to alleged file-sharers, created by entertainment companies and the large US ISPs -- has just celebrated its first birthday, having spent $2 million in order to send out 625,000 threats to people it believed to be infringers. How's that working out for them?

No one knows. The Center for Copyright Information -- which made a lot of noise about its war on piracy when it was ramping up -- has been totally silent for the past twelve months, not issuing a single press release (nor have its participating entities said anything about it in that time).

I guess there are two possibilities: one is that this was an amazing success, but they're too modest to boast.

The other one is that, like every other variant on this, as practiced in New Zealand, the UK, and France, it is an expensive boondoggle that wasted millions, alienated hundreds of thousands, and did nothing to break the copyright logjam that has been sowing chaos on the Internet since the 1990s.

This program was the brainchild of US copyright czar Victoria Espinel and the entertainment bigs, and was a predictable disaster from the outset. No doubt there will be some grossly flawed study in the near future to demonstrate that they've finally managed to invent perpetual motionsquare the circlemake Pi equal 3.1 threaten Internet users into doing their bidding.

In Graduated Response Policy and the Behavior of Digital Pirates: Evidence from the French Three-Strike (Hadopi) Law a team of business-school researchers from the University of Delaware and Université de Rennes I examine the impact of the French "three-strikes" rule on the behavior of downloaders. Under the three-strikes law, called "Hadopi," people accused of downloading would be sent a series of threatening letters, and culminating with disconnection from the Internet for a period of a year for everyone in the household. Hadopi is the entertainment industry's model for global legislation, and versions of it have been passed in the UK and New Zealand, and it has also been proposed for inclusion in the global Trans-Pacific Partnership treaty.

The researchers carefully surveyed French Internet users to discover what effect, if any, the Hadopi law had had on their behavior -- specifically, whether they were encouraged to download more from legitimate sites and pay more for music as a result of the threat of Hadopi. Their conclusion: [Hadopi] has not deterred individuals from engaging in digital piracy and that it did not reduce the intensity of illegal activity of those who did engage in piracy.

Copyright and Creation, a policy brief from a collection of respected scholars at the rock-ribbed London School of Economics, argues that the evidence shows that piracy isn't causing any grave harm to the entertainment industry, and that anti-piracy measures like the three-strikes provision in Britain's Digital Economy Act don't work. They call on lawmakers to take an evidence-led approach to Internet and copyright law, and to consider the interests of the public and not just big entertainment companies looking for legal backstops to their profit-maximisation strategies.

Evaluating Graduated Response, a new paper from Rebecca Giblin from the law school at Australia's Monash University, looks at the impact of "three strikes" and "graduated response" punishments for file-sharing. Countries including France, New Zealand, Taiwan, South Korea, the U.K., Ireland and the U.S. have adopted systems whereby people accused of file-sharing have their Internet access curtailed. This takes many forms, from losing access to YouTube and Facebook until subscribers complete a "copyright training course" designed by the entertainment industry to out-and-out disconnection from the Internet.

A good summary in IT News by Juha Saarinen discusses Giblin's findings from an in-depth survey of the file-sharing landscape before and after the introduction of three strikes rules: "There is no evidence demonstrating a causal connection between graduated response and reduced infringement. If 'effectiveness' means reducing infringement, then it is not effective."

Giblin is the author of 2011's Code Wars, an excellent book on the first ten years of file-sharing data.

After years of controversy, millions spent, and nothing to show for it, the French government has backtracked on HADOPI, the "three strikes" law that made it possible for entertainment companies to demand the termination of Internet accounts implicated in illegal downloading accusations. People whose routers are said to have been used for piracy may still face fines -- even if they can prove they didn't personally download anything illegally -- but no one will lose their Internet connection over piracy accusations in France: "the panel concluded that the three strikes mechanism had failed to benefit authorized services as promised."

As America's phone and cable companies roll out their "six strikes" plans (which they voluntarily adopted in cooperation with the big film companies), it's becoming clear that operating a public Internet hotspot is going to be nearly impossible. Anyone operating a hotspot will quickly find that it can no longer access popular sites like YouTube and Facebook, because random users have attracted unsubstantiated copyright complaints from the entertainment industry. Verizon (and possibly others) have made it clear that this will apply to businesses as well as individuals, meaning that firms will have to spy on all the traffic of all their users, all the time, and heavily censor their use of the Internet in order to prevent them from attracting these complaints.

It's not much of a stretch to see why the carriers would like this: every time you use a hotspot instead of using your phone or device's metered data-plan, they lose revenue.

Also, as the strikes get higher, there are two things to be aware of: ISPs are then more likely to hand over info to the copyright holders, meaning that it could still lead to copyright holders directly suing. That is, the "mitigation" factors are not, in any way, the sum total of the possible consequences for those accused. On top of that, we still fully expect that at least some copyright holders are planning to insist that ISPs who are aware of subscribers with multiple "strikes" are required under law to terminate their accounts. At least the RIAA has indicated that this is its interpretation of the DMCA's clause that requires service providers to have a "termination policy" for "repeat infringers." So it's quite likely that even if the ISPs have no official plan to kick people off the internet entirely under the plan, some copyright holders will still push for exactly that kind of end result.

France is on the verge of killing its ill-starred HADOPI system, whereby people who are accused of multiple acts of copyright infringement are disconnected from the Internet, along with everyone in their homes. After two years, HADOPI has spent a fortune and has nothing to show for it. HADOPI was enacted thanks to enormous pressure from American entertainment companies and the US Trade Representative, and was the first of the "three strikes" rules to make it into law (New Zealand and the UK also both capitulated to Pax America shortly after).

But the new president Hollande is determined to continue to have France play the role of crash-test dummy for America's failed copyright policy. As a condition of dismantling HADOPI, his government has proposed enacting the worst provisions of SOPA, the US copyright proposal that America roundly rejected last year. Under SOPA.fr, the French government will make intermediaries (payment processors, search engines, web hosts) liable for infringement, with broad surveillance and censorship powers.

The French Hadopi agency has prosecuted its first user under the country's insane anti-piracy laws, which provide for disconnection of whole families from the Internet if someone using their connection is accused of multiple acts of file-sharing. The first person to be convicted is a 40-year-old man whose ex-wife admitted to downloading some songs on his connection. The law ascribes blame for infringement to the person with the Internet account, not the person who infringes, so he is paying the €150 fine. He will not have his Internet connection taken away.

Hadopi was the jewel in the Sarkozy regime's crown of shitty copyright policy: a rule that said if you lived in the same house as someone who'd been accused of copyright infringement, you would lose your Internet access. Heavily lobbied for by the entertainment industry and hailed as a success thanks to dodgy, misleading studies, Hadopi is now on the outs. The agency that administers it has had its budget zeroed out. Next up: outright cancellation? EFF hopes so:

Citing extraordinary costs and scant results, a high-level French official has announced intentions to defund Hadopi1, the government agency charged with shutting off Internet access of individuals accused of repeat copyright infringement. Under the French three strikes law, Internet subscribers whose connection is repeatedly used to share copyrighted material may be disconnected from the Internet and may even have to continue paying for the service (the so-called "double pain"). The three strikes law in France runs contrary to principles of due process, innovation, and free expression—yet has unfortunately served as a template for similar legislation in countries like New Zealand, the UK, and South Korea under pressure from the entertainment industry. Defunding Hadopi may mean that France won't be focusing on enforcing its three strikes law anymore, but that's not enough. France needs to repeal the three strikes law altogether.

When copyright holders (working through professional organizations) file complaints about alleged infringement, Hadopi is authorized to contact Internet access providers and issue warnings to subscribers. After the third warning of copyright infringement is issued to a subscriber, Hadopi can recommend to a public prosecutor that the individual have her Internet connection terminated. Hadopi also maintains a blacklist of subscribers to block users from simply switching ISPs after being disconnected. Though hundreds of alleged infringers have been referred to court—Hadopi has sent 1 million warning emails, 99,000 "strike two" letters, and identified 314 people for referral to the courts for possible disconnection—no one has yet been disconnected since the law was enacted in 2009.2

In speaking about the decision to significantly reduce funding for Hadopi, French culture minister Aurelie Filippetti, stated: "€12 million per year and 60 officials; that's an expensive way to send 1 million emails." Filippetti also stated that "[T]he suspension of Internet access seems to be a disproportionate penalty given the intended goal."

IFPI, the international trade group for the record industry, has trumpeted a study that allegedly shows that France saw a surge in iTunes sales following the institution of a mass-scale regime of "disconnection warnings" -- threats to remove you and your family from the Internet if you don't stop downloading. These warnings are the first step of the controversial HADOPI system, which is the first of a series of global "three strikes" laws pushed for by IFPI.

TorrentFreak had a look at the study, which was written by researches at Wellesley College and Carnegie Mellon, and they found that none of the benefits claimed by the record industry were in its conclusions: "What the researchers found is that in France, compared to five other European countries, more music was sold through iTunes. Looking at the graph below (from the report), it’s clear that the “uplift” in France before Hadopi was introduced (March 2009) is actually much sharper than the two years after."

“We also estimated the model for the 6 months before and after September 2010, as this was the first month that HADOPI began sending out first notices. In this case, the resulting coefficient was close to zero and statistically insignificant.”

Indeed, when the three-strikes warnings were actually sent out, there was no effect on iTunes sales compared to the control countries. This is unusual, because you would expect that the hundreds of thousands of warnings that went out would have had more of an impact than the ‘news’ that this could happen in the future.

In addition, if we look at the search trends for Hadopi and The Pirate Bay we don’t see a drop in interest for the latter, suggesting that the interest for pirated goods remained stable.

Last year, the UK government held consultation into its proposed Digital Economy Act, an extremist copyright proposal created by the unelected Business Secretary Peter Mandelson. The process that followed was as dirty as any I'd ever seen (for example, the then-head of the BPI wrote an amendment proposing a national censorship regime that a LibDem Lord then introduced on his behalf. But it turns out that there was much more sleaze below the surface.

Documents released in response Freedom of Information requests show that Mandelson had already made up his mind from the start about the Act's most controversial section: the rules that said that users would have their Internet connections terminated if enough unsubstantiated infringement claims were made against their households. The "compromise" that the Act made was to suspend this measure initially, and bring it into force if the other measures in the Act failed to substantially reduce infringement. Critics called it the sham it was, saying that a 70 percent reduction in file-sharing was a delusional target, and the FOI documents show that the Act's supporters agreed -- they only intended the compromise as a means of smuggling in France-style disconnections.

Which is to say that the whole business was a sham: the Business Secretary and his pals in the record industry had stitched the whole thing up from the start, and the thousands upon thousands of Britons who wrote in never had a hope of changing things. That's why the Act was crammed through Parliament without debate in the "wash-up," hours before Labour dissolved the government.

One consultation respondent told TorrentFreak: “As someone who went to considerable effort to submit a rational and evidence-based response to the consultation on these issues, I am disappointed, although not surprised, to see that the outcome was predetermined.” The UK Pirate Party is a little more scathing.

“Its most controversial aspect – suspending people from the Internet – was already sorted out in July 2009. It appears that the consultation was just for show, and the lobbyists got all they asked for. There are now serious questions to be asked of successive governments’ relations to groups like Universal Music and the BPI.”

HADOPI, the French agency charged with disconnecting French Internet users who use the same Internet connections as accused copyright infringers, conducted a study on media purchasing habits by copyright infringers. They concluded that the biggest unauthorized downloaders are also the biggest customers for legitimate media. Just like every other study that's looked at the question, of course, but this time the study was funded and released by one of the most extreme copyright enforcement bodies on the planet.

Joe Karaganis, from SSRC, points us to the news that there's been yet another such study... and this one is from HADOPI, itself. Yes, the French agency put together to kick people off the internet for file sharing did a study on the nature of unauthorized file sharing, too. Not surprisingly (and consistent with every other study we've seen on this topic), it found that those who spend a lot of money on content... were much, much, much more likely to also get content through unauthorized means. HADOPI released the results in a somewhat convoluted way (perhaps trying to downplay this result), but Karaganis reformatted the results to make this clear.

A new report from the Organization for Security and Co-operation in Europe (OSCE) called "Freedom of Expression on the Internet" is intensely critical of Eurpean moves to censor the Internet, and is especially down on the French Hadopi rule that makes provision for disconnecting Internet users when someone is accused of using their network connections to infringe copyright. The OSCE rapporteur's conclusions are in line with the recent UN condemnation of Internet censorship and declaration that network access is a human right. Ars Technica's Nate Anderson's prepared some highlights from the report:

"Three strikes": "The increased use of so-called 'three-strikes' legal measures to combat Internet piracy is worrisome given the growing importance of the Internet in daily life... This disproportionate response is most likely to be incompatible with OSCE commitment on the 'freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.'"

Internet kill switch: "Existent legal provisions allow several OSCE participating States to completely suspend all Internet communication and 'switch off' Internet access for whole populations or segments of the public during times of war, states of emergency and in cases of imminent threat to national security. Reaffirming the importance of fully respecting the right to freedom of opinion and expression, the OSCE participating States should refrain from developing, introducing and applying 'Internet kill switch' plans as they are incompatible with the fundamental right to information."

Web blocking: "As blocking mechanisms are not immune from significant deficiencies, they may result in the blocking of access to legitimate sites and content. Further, blocking is an extreme measure and has a very strong impact on freedom of expression and the free flow of information. Participating States should therefore refrain from using blocking as a permanent solution or as a means of punishment... Blocking of online content can only be justified if in accordance with these standards and done pursuant to court order and where absolutely necessary. Blocking criteria should always be made public and provide for legal redress."

Sarkozy's latest plan for "civilizing" the Internet: a Great Firewall of France that government agencies to add URLs to without judicial oversight or public scrutiny on the basis of broad, nebulous criteria.

Information website PC INpact revealed today a draft executive order which would give the French government the power to arbitrarily censor any content or service on the Net. The French government is furthering its policy to control the Internet, in complete disregard of citizens' rights and freedoms.

To implement article 18 of the law for the Digital Economy of June 21th, 2004, the French government is proposing to give to several of its ministries the power to order the censorship of online content that harms or otherwise puts at risk public order and security, the protection of minors, of public health, national defence, or physical persons1.

Clearly, the definition of these categories of content are both vague and overreaching. Such censorship measures - whether they consist in the removal or filtering of content - would be directly undertaken by the government, without any decision by a judicial authority. In practice, they would apply to all kinds of websites or online news services2.

Last week, the private company responsible for enforcing France's "three strikes" copyright law was found to be massively insecure, prompting France to suspend the program. Under France's HADOPI copyright law, households lost their Internet connection if they received three accusations of copyright infringement committed on their network. TMG, the private contractor that maintained the system, suffered a massive breach when hackers showed that they hadn't taken even the most rudimentary steps to secure their servers.

Now, Ars Technica reports that it's not just TMG's security that's flawed -- the breach has also revealed that its data-gathering system is as untrustworthy as its perimeter security:

TMG's server was running a custom-written administration program coded in Delphi. It had the unusual security feature of not requiring any authentication at all, allowing anyone connecting to port 8500 to send commands to the server. The commands it supports are limited--shutdown or reboot the computer, stop or start a peer-to-peer client, and update the software on the server--but due to their shoddy design these commands are sufficient to allow hackers to do whatever they want. The update command connects to an FTP server, retrieves a file, and then executes it--all without authentication--and rather than connecting to a specific FTP server, it allows the server to be specified when the update command is given.

This allows an attacker to set up their own FTP server, put their malicious program onto the server, and then tell the TMG system to update from the hacker-controlled server. In this way, they can make the TMG server run whatever software they want. If all of TMG's anti-piracy servers are running the same administrative program, then they are all susceptible to being attacked in this same, trivial way.

TMG, a private contractor that administers France's HADOPI copyright system, has been hacked, resulting in a temporary suspension of HADOPI. Under HADOPI, people who use an Internet connection where one or more users have been accused of multiple acts of copyright infringement lose their Internet access for a year. TMG was in charge of storing the entertainment industry's enemies list of networks that had been used by accused infringers, and their security was basically nonexistent. The hack resulted in a dump of administrative material and IP addresses, and the head of the HADOPI agency announced that they would not gather IP addresses while they got their house in order. The UK has a plan to gather the IP addresses of networks used by accused infringers as well -- will they pick a better contractor to administer it than France did?

The problems appear to be real. Eric Walter, the head of France's HADOPI antipiracy agency that administers the "three strikes" regime, took to Twitter to tell the world that "par mesure de précaution l' #hadopi a décidé de suspendre provisoirement son interconnexion avec #TMG" [as a precautionary measure, #hadopi decided to temporarily suspend its interconnection with #TMG].

This temporary suspension of the interconnect agreement means that TMG -- the only private firm cleared to collect the IP addresses needed for HADOPI to function -- can't provide new addresses for the moment.

French tech sites like Numerama have run with the story, posting lists of questions that "need to be answered" by HADOPI and by French data-security authority CNIL.

In a fascinating interview with TVOntario's Search Engine podcast, Michael Geist describes and predicts the likely outcome of the years and years of wrangling over Canada's new copyright bill, C-61C-32, which includes a sweeping DRM clause that makes it illegal to modify your own equipment, even if you're not otherwise breaking copyright law, making it one of the most radical DRM laws in the world. Michael sees reason to hope for a more moderate C-32 in its final form -- I hope he's right.

New Zealand's three-strikes Internet law is back. Under this proposed copyright law, people who are accused without proof of multiple copyright infringements can eventually face disconnection from the Internet, along with their families. A substantively similar law was passed and then rescinded in 2009, after enormous public outcry. The parliamentary committee responsible for the legislation describes it as being based on the presumption of guilt (not innocence, as is customary in democratic societies).

Such fines would be levied by a Copyright Tribunal after a particular account holder racked up several notices, and these notices would adopt a "guilty until proven innocent" approach. As the committee report puts it, "an infringement notice establishes a presumption that infringement has occurred, but this would be open to rebuttal where an account holder had valid reasons, in which case a rights holder would have to satisfy the tribunal that the presumption was correct. We consider that such a change would fulfill more effectively the aim of having an efficient 'fast-track' system for copyright owners to obtain remedies for infringements."

It's hard to argue with the logic of speed here; creating a presumption of liability certainly will "fast-track" the process, though concerns about accuracy remain. As a New Zealand legal blogger noted this week, almost one-third of all New Zealand copyright litigation fails because rightsholders can't actually show they own the copyright and that the copyright is governed by New Zealand law. And Google has previously indicated that large percentages of the infringement claims it routinely receives are defective in some way.

InternetNZ, which runs the top-level .nz Internet domain, said in a statement that the new presumption of liability "reverses the burden of proof in the regime by saying that rights owners' notices will be considered conclusive evidence of infringement, with alleged infringers having to prove they have not done so. This reversal of proof is not a welcome development, and our initial view is that it should not be passed by Parliament."

France's HADOPI administrator (which processes copyright accusations against Internet users) is now receiving 25,000 complaints a day. A family whose household attracts three unsubstantiated complaints is disconnected from the Internet for a year. Meanwhile, use of non-P2P downloading sites to get access to infringing copies is way up.

France's "3-strikes" rule comes into effect this week, and multinational corporations are already flooding French ISPs with more than 10,000 requests a day for the personal information of accused infringers; they estimate that this number will go up to 150,000 users/day shortly. Once a user has received three unsubstantiated accusations of infringement, the entire household is cut off from the Internet for a year, and it becomes a crime for any other ISP to connect that family or household. The only opportunity to defend yourself from the charge is a brief "traffic-court"-like streamlined judiciary.

ISPs that are not able to turn over 150,000 personal identities per day face a fine of €1,500 per accused infringer.

The Internet providers will be tasked with identifying the alleged infringers' names, addresses, emails and phone numbers. If they fail to do so within 8 days they risk a fine of 1,500 euros per day for every unidentified IP-address.

To put this into perspective, a United States judge ruled recently that the ISP Time Warner only has to give up 28 IP-addresses a month (< 1 per day) to copyright holders because of the immense workload the identifications would cause.

All the major French ISPs have to cooperate with the identification process, and the first 'victims' are expected to be disconnected or fined in a few months when they receive their third warning. At this point it is doubtful whether Hadopi will in fact decrease the piracy rate.

Canadian Heritage Minister James Moore made headlines last month when he called opponents of his US-style copyright bill "radical extremists" and urged his supporters to "confront them" at every turn.

Now the Minister is declining requests from his local mainstream press to defend his own bill, which ignores the results of his own public consultation, wherein an overwhelming majority of Canadians were against protecting "digital locks" on ebooks, movies, games, and music: "Moore, who besides being heritage minister is also the Conservative MP for Port Moody-Westwood-Port Coquitlam, refused to comment on Bill C-32."

Michael Geist sez, "When Canadian Heritage Minister James Moore delivered his speech last month labeling any opponents of his copyright bill 'radical extremists,' some noted that the comments ran counter to many well-known groups and individuals who had expressed concern with the digital lock provisions found in C-32. Working with one of my research assistants Tamara Winegust, we've created an annotated edition of the speech that mixes in comments from politicians and groups involved in copyright issues."

After several weeks of delays, the Balanced Copyright for Canada site which has been engaging in astroturfing on Canadian copyright reforms, revealed its funding and advisory board late on Tuesday night, hours before the Canada Day holiday. The primary source of funding is not a surprise: this is a Canadian Recording Industry Association production.

The composition of the advisory board is interesting. First, of the 13 members, more than half are either record company executives, former record company executives, or lawyers who represent record companies. No surprise given the site's backing, but not exactly the promised "employees, unions, artists and creators." In fact, it is notable that there are very few prominent creators and not many representatives from creator groups outside the music industry such as authors, performers, directors, or artists. In fact, despite an earlier claim that Loreena McKennitt would be on the advisory board, those plans apparently changed.

The board also includes one lawyer who just three months ago argued in a paper that form letters carry little value in public policy process, yet is now on the board of a site that requires a form letter that cannot be edited in order to participate.

Hapodi, the French agency that's in charge of the country's new anti-piracy scheme (if someone you live with is accused of three acts of infringement, your whole household is taken offline and added to a list of address to which it is illegal to provide Internet access) has been accused of pirating the font used it its logo. The font designer is talking lawsuit. Hadopi says it wasn't infringement, just an "error of manipulation."

It's tempting to count coup here, but it's more important to recognize that Hadopi has proved that the copyright minefield is an unnavigable mess and that the guillotine is too blunt an instrument to use in its policing. If an organization charged with policing copyright with absolute, unaccountable power can't stop its employees from committing unwitting acts of infringement, how can a mere family ensure that no act of infringement takes place over its network connection?

In the meantime, I'm sure that if Hadopi commits two more acts of infringement, it will order its own offices taken offline for a period of a year.

Right?

The logo, already officially registered for 2 months with the National Institute of Industrial Property, had been created with an unlicensed font called "Bienvenue."

This font was originally created by an employee of France Telecom in 2000, designer Jean-François Porchez. Writer Julien L from French news site Numerama told TorrentFreak that the problem goes even deeper.

"The problem is, this font was an 'exclusive corporate typeface'. It couldn't be used for other purposes than France Telecom/Orange products," he told us...

Yesterday there was panic, as Hadopi tried to repair the damage by sourcing new matching fonts they could license legally.

Hadopi has issued an apology through gritted teeth, but while France Telecom-Orange has confirmed it won't be taking legal action over the infringement of its rights, the same cannot yet be said of Jean-François Porchez. He has contacted his lawyer to see what can be done.